Safety First

Updated 5 April 2020

This page details key system-level risks that should be considered by anyone fabricating a manual resuscitator-based device. This is not an exclusive list, but should be a starting point.

Risk Mitigation
Patient circuit disconnect Pressure sensor identifies loss of pressure; Alarm Convert to manual bagging; Correct disconnect
Bag rupture Pressure sensor identifies loss of pressure; Alarm Convert to manual bagging; Replace bag
Oxygen leak This risk is native to the manual resuscitation bag and is addressed by the bag instructions. The bag is exposed and any leaked oxygen will dissipate
EMI emission motor This is a low risk, should it be an issue a metal faraday cage can be placed around the motor (Conduct formal testing if required)
EMI interference with controller Board traces have been minimized and grounded
There are no high frequency signals susceptible to interference; DC simple analog and digital channels Controller has been used in an OR environment and no interference noticed
Power loss Use an uninterruptible power supply (UPS) with an alarm
Convert to manual bagging; Address power loss
Gear drive failure This will manifest as increasing slop in the mechanism Arm should be inspected daily for looseness
Motor failure System will not arrive at a desired position; Encoder will detect failure to reach position; Alarm will sound Convert to manual bagging; Correct disconnect
Accidental change in settings Changing setting knobs changes values on screen, but does not affect a physical change until confirm button is pressed In case of failure to press confirm alarm sounds
Pinch points Mechanism is covered; Arms project through a slot
Bag displacement Pressure sensor identifies loss of pressure; Alarm sounds Convert to manual bagging; Reposition bag

In all cases the patient should be closely monitored and connected to a pulse oximeter. Any significant change in patient condition, whether it comes from the patient or a mechanical failure, will manifest as a decrease in oxygenation requiring intervention.


16 Replies to “Safety First”

  1. Britt Johnston
    Britt Johnston

    Additional failure conditions:
    – Power Disconnected: Device ceases operation, display goes dark. Determine if E-Stop is activated, check power switch, power cable, reconnect power
    – Power supply failure, power switch failure: …
    – Electronics failure: …
    – Each switch failure: …
    – Each POT failure: …
    The display is critical in determining if electronics are running, perhaps an LED is needed which can communicate power on during configuration and a “heartbeat” on each cycle while device is running. In the event of display failure.

  2. Thiago Ennes
    Thiago Ennes

    -Ambu bags valves can fail open or closed! They are not designed for extensive use.

    Not sure if it qualifies as failure modes:
    -Hepa inline filters will degrade and their flow resistance will increase over time.
    -The machine falling from the table is a concern. Suction cups or a ballast weight and rubber feet could be used.

    • GK USAP
      GK USAP

      In our experience so far, Ambu bag valves fail due to debris and moisture buildup, especially in the patient side. Fortunately, these can be accessed, removed, cleaned, and put back into service should a readily available supply not be at hand. Any facility running these would need extra valves on hand and make their cleaning/maintenance a regular procedure.

      We haven’t tested this yet, but my suspicion is that removing the patient valve assembly, flushing it with isopropyl alcohol and allowing it to throughly dry would bring them back to 100%.

      • Thiago Ennes
        Thiago Ennes

        There is already a protocol for cleaning debris from vomiting, for example, by the ambu bag manufacturer. I don’t think it would be a problem for the project.
        Could the team work on a more accessible way to measure pressure? Maybe for version 2.0? I am deeply concerned with sensor availability and price.
        I am afraid that people will resort to using the machine on volume only, and that would be very dangerous.

  3. Sean Allen
    Sean Allen

    -Changed settings could have a “revert to previously confirmed settings” option to readily undo accidental knob adjustment.

    -Encoder and pressure monitoring together should be able to show early signs of gear drive failure

  4. Jeremy Saldate
    Jeremy Saldate

    On the topic of motor failure, would a better solution be to install a secondary, hot-swappable, motor, with operation triggered by failure of the primary motor, rather than simply an audible alarm? A non-urgent alarm then would notify staff of need for primary motor replacement.

    One additional failure risk which should be included- metal fatigue of the arms over time. Pressure sensor identifies loss of pressure; Alarm

  5. ROBERTO EUGENIO CORTEZ SILVA
    ROBERTO EUGENIO CORTEZ SILVA

    Recomiendo implementar monitores de componentes continuos y no continuos por hardware y software. que incluyan:
    Monitoreo del buen funcionamiento del ciclo de manera continua
    Monitoreo continuo de los sensores y actuadores por: desconexión, corto a tierra, corto a positivo
    Monitoreo no continuo de funciones especiales del sistema
    Implementación de estrategias de emergencia en caso de fallas.
    Generación de códigos de fallas.

  6. J L
    J L

    If you really wanted to be complete, the risk chart would have columns for Severity, and for Probability of Occurrence. The product of those two would be the Risk Assessment for that particular risk. Another column for Harm could also be added.

Leave a Reply